Learning Outcomes. Physical Security. Zoning systems. Zone 1 Open areas. Information Security

Size: px
Start display at page:

Download "Learning Outcomes. Physical Security. Zoning systems. Zone 1 Open areas. Information Security"

Transcription

1 Learning Outcomes Physical Security Information Security Dr Hans Georg Schaathun After this week, students should be able to identify threats and useful controls in the physical environment of an information system Høgskolen i Ålesund Autumn 2011 Week 7 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 1 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 2 / 1 Zoning systems Zone 1 Open areas divided into areas with different security controls. Why may this be a good idea? Assets with different value criticality user access requirements Staff with various access requirements Other people with various access requirements Outer areas Outdoor, maybe reception area Typical controls: good fence CCTV The following is an example. Different operation will have very different needs. Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 5 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 6 / 1

2 Zone 2 Main offices Zone 3 Restricted access Most staff work here Typical controls: locks and alarms on doors and windows Few staff require regular access Typical controls: locks and alarms on doors and windows reinforced windows (security glass) access control with identification and logging Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 7 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 8 / 1 Server halls Zone 4 Data centres and inner sanctums Question Only very few staff require access Typical controls: locks and alarms on doors should not have windows access control with identification and logging motion sensors assault alarms What threats are we concerned with when we design the physical rooms to host a server rack or mainframe? Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 9 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 11 / 1

3 Server halls Server halls Typical Threats Dedicated server room Unauthorised, physical access (incl. burglary) Interuptions of power supply Fire Flood (rainwater or broken water pipes) Temperature (too high or too low) Humidity, dust, air particles etc. Radiation Peaking Why is a dedicated server room a good idea, even for a local LAN server? Threats by human error: Disconnecting Stumbling in a network cable Moving cables to clean the floor Mistaking the server for a workstation e.g. turning it off at night A dedicated server room is a good control, reducing the strain faced in rooms that are in continuous use. Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 12 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 13 / 1 The context Authorisation versus Identification Consider the physical access control to enter a room (e.g. server room). What do we mean by 1 Identification? 2 Authorisation? 3 Authentication? Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 15 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 16 / 1

4 Identification and Authentication Authorisation Identification establishing the identity of the person, linking a physical person to a personell record. Authentication verifying the correctness of the identification Why do we use identification in access control? Authorisation privileges specified in personnel record. Audit logs recording access for audit trail Authorisation refers to determining what a given individual is permitted to do. Authorisation does not require identification A mechanical key authorises someone to enter a locked room. The authority is linked to the key not the identity of the person carrying it Mechanical locks give authorisation without identification Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 17 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 18 / 1 To identify or not to identify Principles of identification Two separate controls: Access control (authorisation) Access logging (identification) What challenges are related to logging? Privacy Privacy legislation What are the advantages of logging? Trace abuse Formal agreement between employer and employee can help get acceptance. Something carried a key, a keycard, an identity card, a uniform Something known a password, PIN, pass phrase Something one is fingerprint, palmprint, iris scan, facial recognition voice recognition, signature recognition (behaviourlal) Or any combination of the above Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 19 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 20 / 1

5 Something carried Something known Advantages and disadvantages? simple relatively cheap loss and theft Advantages and disadvantages? very cheap difficult to remember leading to human errors and possible compromising Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 21 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 22 / 1 Biometrics Advantages and disadvantages? relatively expensive but getting cheaper imperfect authentication but getting better simple for the user nothing to bring, nothing to remember difficult to forge or steal Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 23 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 24 / 1

6 Privilege Management Power supply Power related threat events Consider many groups of users rank and file staff technical staff specially vetted staff permanent contractors temporary contractors visitors Privilege management is complex who needs what? What threat events may happen relating to power? Variations in voltage or frequency Pulses Power glitches Blackout What happens to the equipment in these cases? Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 25 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 27 / 1 Controls Power supply Cabling Power supply UPS Uninterupted power supply. Prevents loss from glitches and short outages. Generators Prevents loss from blackout. Does not protect against glitches as they take time to start. Transformers Evens out instability to avoid damage from voltage or frequency variations, and from pulses Needs depend on local mains quality Workstations and printers may not require controls Be aware of power instability in the case of inexplicable hardware fault Cables have to be tidy to avoid interuption when installations are upgraded to avoid human error Patch panels 10cm above floor level to avoid damage in case of (minor) flooding Separate, locked areas to avoid casual contact and accidents Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 28 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 29 / 1

7 Climate Fire Cooling is critical. and the cooling system must be sufficiently reliable Other threats Dust Static electricity Fire detectors Fire alarms alert fire brigade open escape routes and close fire doors control lifts close vents and stop fans Fire extinguishers remember: right type for the situation Collaboration with fire brigade is useful Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 31 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 32 / 1 Flooding Watch surveillance alarm Risks include leakage from higher floors leakage from cooling system leaks from pressurised pipes in adjacent rooms floods and land slides Guards (expensive, especially 24/7) Response teams Surveillance Monitoring incident reports flagging of unusual incidents risk reviews Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 33 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 34 / 1

8 Radiation Laptop controls Mobile and Portable Systems EMR electromagnetic radiation allows eavesdropping can be shielded (Faraday cage) EMP electromagnetic pulse attack knocks out equipment Burglar alarms Anti-theft software reporting location to a server Invisible markings Cable lock Backup Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 35 / 1 Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 37 / 1 Telecommuting Heimekontor Mobile and Portable Systems What challenges arise when staff work from home? How do you deal with it? additional security at home? restricted information access for home work? Solutions VPN Virtual Private Networks per service remove access Dr Hans Georg Schaathun Physical Security Autumn 2011 Week 7 38 / 1

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Rule 4-004L Payment Card Industry (PCI) Physical Security (proposed) 01.1 Purpose The purpose

More information

CSE 265: System and Network Administration

CSE 265: System and Network Administration CSE 265: System and Network Administration Data Centers Desirable features Planning Hardware Maintenance Facebook Oregon Data Center (2012) Desirable features of a data center Desirable features of a data

More information

Information Security Team

Information Security Team Title Document number Add document Document status number Draft Owner Approver(s) CISO Information Security Team Version Version history Version date 0.01-0.05 Initial drafts of handbook 26 Oct 2015 Preface

More information

MARULENG LOCAL MUNICIPALITY

MARULENG LOCAL MUNICIPALITY MARULENG LOCAL MUNICIPALITY Data Centre Physical Access and Environmental Control Policy Draft: Data Centre Access Control and Environmental Policy Page 1 Version Control Version Date Author(s) Details

More information

Security Control Standard

Security Control Standard Department of the Interior Security Control Standard Physical and Environmental Protection April 2011 Version: 1.1 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior,

More information

Physical and Environment IT Security Standards

Physical and Environment IT Security Standards Physical and Environment IT Security Standards Author s Name: Jo Brown Author s Job Title: Head of Technical Services Division: Corporate Department: Technical Services Version Number: 1.0 Ratifying Committee:

More information

HIPAA Security Alert

HIPAA Security Alert Shipman & Goodwin LLP HIPAA Security Alert July 2008 EXECUTIVE GUIDANCE HIPAA SECURITY COMPLIANCE How would your organization s senior management respond to CMS or OIG inquiries about health information

More information

HIPAA RISK ASSESSMENT

HIPAA RISK ASSESSMENT HIPAA RISK ASSESSMENT PRACTICE INFORMATION (FILL OUT ONE OF THESE FORMS FOR EACH LOCATION) Practice Name: Address: City, State, Zip: Phone: E-mail: We anticipate that your Meaningful Use training and implementation

More information

Lauren Hamill, Information Governance Officer. Version Release Author/Reviewer Date Changes (Please identify page no.) 1.0 L.

Lauren Hamill, Information Governance Officer. Version Release Author/Reviewer Date Changes (Please identify page no.) 1.0 L. Document No: IG10d Version: 1.1 Name of Procedure: Third Party Due Diligence Assessment Author: Release Date: Review Date: Lauren Hamill, Information Governance Officer Version Control Version Release

More information

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

Information Technology General Controls Review (ITGC) Audit Program Prepared by: Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the

More information

Information Technology Security Procedures

Information Technology Security Procedures Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3

More information

HIPAA Security COMPLIANCE Checklist For Employers

HIPAA Security COMPLIANCE Checklist For Employers Compliance HIPAA Security COMPLIANCE Checklist For Employers All of the following steps must be completed by April 20, 2006 (April 14, 2005 for Large Health Plans) Broadly speaking, there are three major

More information

800 319 5581 800 319 5582 Fax www.protectmyministry.com www.mobilizemyministry.com

800 319 5581 800 319 5582 Fax www.protectmyministry.com www.mobilizemyministry.com 800 319 5581 800 319 5582 Fax www.protectmyministry.com www.mobilizemyministry.com Protect My Ministry websites including www.ministryopportunities.org have the following SSL Certificates and protection:

More information

REVIEWED ICT DATA CENTRE PHYSICAL ACCESS AND ENVIROMENTAL CONTROL POLICY

REVIEWED ICT DATA CENTRE PHYSICAL ACCESS AND ENVIROMENTAL CONTROL POLICY LI_M_POPO PROVINCIAL GOVERNMENT :;:ED.JBl-C ()F SO"';-H AFR;IC. ':.,. DEPARTMENT OF CO-OPERATIVE GOVERNANCE, HUMAN SETTLEMENTS & TRADITIONAL AFFAIRS REVIEWED ICT DATA CENTRE PHYSICAL ACCESS AND ENVIROMENTAL

More information

Please note this policy is mandatory and staff are required to adhere to the content

Please note this policy is mandatory and staff are required to adhere to the content Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

Rotherham CCG Network Security Policy V2.0

Rotherham CCG Network Security Policy V2.0 Title: Rotherham CCG Network Security Policy V2.0 Reference No: Owner: Author: Andrew Clayton - Head of IT Robin Carlisle Deputy - Chief Officer D Stowe ICT Security Manager First Issued On: 17 th October

More information

IT Security Standard: Computing Devices

IT Security Standard: Computing Devices IT Security Standard: Computing Devices Revision History: Date By Action Pages 09/30/10 ITS Release of New Document Initial Draft Review Frequency: Annually Responsible Office: ITS Responsible Officer:

More information

Major Risks and Recommended Solutions

Major Risks and Recommended Solutions Major Risks and Recommended Solutions www.icdsecurity.com OVERVIEW Are you familiar with the main security risks that threaten data centers? This paper provides an overview of the most common and major

More information

Risk Assessment Guide

Risk Assessment Guide KirkpatrickPrice Assessment Guide Designed Exclusively for PRISM International Members KirkpatrickPrice. innovation. integrity. delivered. KirkpatrickPrice Assessment Guide 2 Document Purpose The Assessment

More information

ABERDARE COMMUNITY SCHOOL

ABERDARE COMMUNITY SCHOOL ABERDARE COMMUNITY SCHOOL IT Security Policy Drafted June 2014 Revised on....... Mrs. S. Davies (Headteacher) Mr. A. Maddox (Chair of Interim Governing Body) IT SECURITY POLICY Review This policy has been

More information

Type Threats Origin. Destruction of equipment or media. Dust, corrosion, freezing. Climatic phenomenon. Seismic phenomenon. Volcanic phenomenon

Type Threats Origin. Destruction of equipment or media. Dust, corrosion, freezing. Climatic phenomenon. Seismic phenomenon. Volcanic phenomenon nnex C (informative) xamples of typical threats The following table gives examples of typical threats. The list can be used during the threat assessment process. Threats may be deliberate, accidental or

More information

HIPAA Privacy and Security Risk Assessment and Action Planning

HIPAA Privacy and Security Risk Assessment and Action Planning HIPAA Privacy and Security Risk Assessment and Action Planning Practice Name: Participants: Date: MU Stage: EHR Vendor: Access Control Unique ID and PW for Users (TVS016) Role Based Access (TVS023) Account

More information

Information Security

Information Security Information Security A staff guide to the University's Information Systems Security Policy Issued by the IT Security Group on behalf of the University. Information Systems Security Guidelines for Staff

More information

ISO IEC 27002 2005 (17799 2005) INFORMATION SECURITY AUDIT TOOL

ISO IEC 27002 2005 (17799 2005) INFORMATION SECURITY AUDIT TOOL 9.1 USE SECURITY AREAS TO PROTECT FACILITIES 1 GOAL Do you use physical methods to prevent unauthorized access to your organization s information and premises? 2 GOAL Do you use physical methods to prevent

More information

Document Details. 247Time Backup & Disaster Recovery Plan. Author: Document Tracking. Page 1 of 12

Document Details. 247Time Backup & Disaster Recovery Plan. Author: Document Tracking. Page 1 of 12 Document Details Title: Author: 247Time Backup & Disaster Recovery Plan Document Tracking Page 1 of 12 TABLE OF CONTENTS 1 INTRODUCTION... 3 1.1 OVERVIEW... 3 1.2 DEFINED REQUIREMENT... 3 2 DISASTER OVERVIEW...

More information

Course: Information Security Management in e-governance

Course: Information Security Management in e-governance Course: Information Security Management in e-governance Day 2 Session 2: Security in end user environment Agenda Introduction to IT Infrastructure elements in end user environment Information security

More information

FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference

FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS Workpaper Reference Date(s) Completed Organization and Staffing procedures used to define the organization of the IT Department. 2. Review the organization

More information

SITECATALYST SECURITY

SITECATALYST SECURITY SITECATALYST SECURITY Ensuring the Security of Client Data June 6, 2008 Version 2.0 CHAPTER 1 1 Omniture Security The availability, integrity and confidentiality of client data is of paramount importance

More information

Chapter 8: Security Measures Test your knowledge

Chapter 8: Security Measures Test your knowledge Security Equipment Chapter 8: Security Measures Test your knowledge 1. How does biometric security differ from using password security? Biometric security is the use of human physical characteristics (such

More information

Alarm Systems. The purpose of an intruder alarm system is: Commonly utilised detection devices include:

Alarm Systems. The purpose of an intruder alarm system is: Commonly utilised detection devices include: Alarm Systems An intruder alarm system is designed to detect intruder presence at your premises. When detected, a siren will activate and communicate an alarm signal to one of our highly sophisticated

More information

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

Mike Casey Director of IT

Mike Casey Director of IT Network Security Developed in response to: Contributes to HCC Core Standard number: Type: Policy Register No: 09037 Status: Public IG Toolkit, Best Practice C7c Consulted With Post/Committee/Group Date

More information

Content Index. 1. General... 3. 2. Location and Building... 4. 3. Telecommunication Feeds... 6. 4. Electric Power... 7. 5. Climate Control...

Content Index. 1. General... 3. 2. Location and Building... 4. 3. Telecommunication Feeds... 6. 4. Electric Power... 7. 5. Climate Control... Content Index 1. General... 3 2. Location and Building... 4 3. Telecommunication Feeds... 6 4. Electric Power... 7 5. Climate Control... 8 6. Safety and Security... 9 7. Internal Procedures... 11 General

More information

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific

More information

ULH-IM&T-ISP06. Information Governance Board

ULH-IM&T-ISP06. Information Governance Board Network Security Policy Policy number: Version: 2.0 New or Replacement: Approved by: ULH-IM&T-ISP06 Replacement Date approved: 30 th April 2007 Name of author: Name of Executive Sponsor: Name of responsible

More information

Policy Document. IT Infrastructure Security Policy

Policy Document. IT Infrastructure Security Policy Policy Document IT Infrastructure Security Policy [23/08/2011] Page 1 of 10 Document Control Organisation Redditch Borough Council Title IT Infrastructure Security Policy Author Mark Hanwell Filename IT

More information

Application Development within University. Security Checklist

Application Development within University. Security Checklist Application Development within University Security Checklist April 2011 The Application Development using data from the University Enterprise Systems or application Development for departmental use security

More information

DCIM Data Center Infrastructure Monitoring

DCIM Data Center Infrastructure Monitoring DCIM Data Center Infrastructure Monitoring ServersCheck offers a flexible, modular and affordable DCIM solution. It is based on our range of IP & SNMP hardware environmental sensors and management software.

More information

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE

THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE THE CHALLENGES OF DATA SECURITY IN THE MODERN OFFICE February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

Regulations on Information Systems Security. I. General Provisions

Regulations on Information Systems Security. I. General Provisions Riga, 7 July 2015 Regulations No 112 (Meeting of the Board of the Financial and Capital Market Commission Min. No 25; paragraph 2) Regulations on Information Systems Security Issued in accordance with

More information

A Systems Approach to HVAC Contractor Security

A Systems Approach to HVAC Contractor Security LLNL-JRNL-653695 A Systems Approach to HVAC Contractor Security K. M. Masica April 24, 2014 A Systems Approach to HVAC Contractor Security Disclaimer This document was prepared as an account of work sponsored

More information

Dublin Institute of Technology IT Security Policy

Dublin Institute of Technology IT Security Policy Dublin Institute of Technology IT Security Policy BS7799/ISO27002 standard framework David Scott September 2007 Version Date Prepared By 1.0 13/10/06 David Scott 1.1 18/09/07 David Scott 1.2 26/09/07 David

More information

This Time. Safety & Security in ICT Systems INFO 2. Threats to ICT systems. Hacking

This Time. Safety & Security in ICT Systems INFO 2. Threats to ICT systems. Hacking This Time Safety & Security in ICT Systems INFO 2 Oliver Boorman-Humphrey www.oliverboorman.biz This time we look at the need to protect data in ICT systems and the subsequent threats if these measures

More information

Section 12 Setting up a Mission Records Storage Facility

Section 12 Setting up a Mission Records Storage Facility Section 12 Setting up a Mission Records Storage Facility Contents Main things to Remember about Setting up a Mission Records Storage Facility Introduction Minimum Standard for Semi-active Records Storage

More information

Network Router Monitoring & Management Services

Network Router Monitoring & Management Services Network Router Monitoring & Management Services Get different parameters of routers monitored and managed, and protect your business from planned and unplanned downtime. SERVICE DEFINITION: NETWORK ROUTER

More information

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING

6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING 6. AUDIT CHECKLIST FOR NETWORK ADMINISTRATION AND SECURITY AUDITING The following is a general checklist for the audit of Network Administration and Security. Sl.no Checklist Process 1. Is there an Information

More information

CPNI VIEWPOINT 02/2010 PROTECTION OF DATA CENTRES

CPNI VIEWPOINT 02/2010 PROTECTION OF DATA CENTRES CPNI VIEWPOINT 02/2010 PROTECTION OF DATA CENTRES APRIL 2010 CPNI in conjunction with the Sister Banks would like to acknowledge and thank ECA Ltd for their help in the preparation of this report. The

More information

Service Children s Education

Service Children s Education Service Children s Education Data Handling and Security Information Security Audit Issued January 2009 2009 - An Agency of the Ministry of Defence Information Security Audit 2 Information handling and

More information

Human Intrusion. Natural Disasters* Attackers looking to perform some sort of damage or obtain useful information

Human Intrusion. Natural Disasters* Attackers looking to perform some sort of damage or obtain useful information Physical Security Types of Threats Human Intrusion Attackers looking to perform some sort of damage or obtain useful information Natural Disasters* Fire Flood Earthquake/Seismic Vibrations Power Outages/Fluctuations

More information

Access Control and Operating Conditions Monitoring System for Telecommunication and Server Racks

Access Control and Operating Conditions Monitoring System for Telecommunication and Server Racks Access Control and Operating Conditions Monitoring System for Telecommunication and Server Racks Why is Supracontrol so superior? It adjusts to the existing access identification system It adjusts to the

More information

Physical Security Requirements. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Physical Security Requirements. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Physical Security Requirements Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Physical Security Requirements Protect against physical threats:

More information

Physical Security Policy

Physical Security Policy Physical Security Policy Author: Policy & Strategy Team Version: 0.8 Date: January 2008 Version 0.8 Page 1 of 7 Document Control Information Document ID Document title Sefton Council Physical Security

More information

Security. Enalyzer A/S

Security. Enalyzer A/S Enalyzer A/S Security At Enalyzer we do our outmost to keep our customer s data safe and our web-based survey systems accessible at any time. Our high level of performance, availability and security are

More information

Sensor Monitoring and Remote Technologies 9 Voyager St, Linbro Park, Johannesburg Tel: +27 11 608 4270 ; www.batessecuredata.co.

Sensor Monitoring and Remote Technologies 9 Voyager St, Linbro Park, Johannesburg Tel: +27 11 608 4270 ; www.batessecuredata.co. Sensor Monitoring and Remote Technologies 9 Voyager St, Linbro Park, Johannesburg Tel: +27 11 608 4270 ; www.batessecuredata.co.za 1 Environment Monitoring in computer rooms, data centres and other facilities

More information

The EVA Solution to Physical Security

The EVA Solution to Physical Security The EVA Solution to Physical Security Protect your network, your data, your infrastructure, and your personnel with security solutions from Black Box. Environmental Monitoring Access Control 1-877-342-5837

More information

IMS [Integrated Management System] Surveillance Solution Segment Focus: Gaming Industry

IMS [Integrated Management System] Surveillance Solution Segment Focus: Gaming Industry IMS [Integrated Management System] Surveillance Solution Segment Focus: Gaming Industry Needs analysis Reduce disputes over payouts Eliminate theft Detect misconduct and record it for use as evidence in

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014 Islington ICT Physical Security of Information Policy A council-wide information technology policy Version 0.7 June 2014 Copyright Notification Copyright London Borough of Islington 2014 This document

More information

Everything you need to know!

Everything you need to know! Everything you need to know! 1 Our Facilities Redback Conferencing is at the forefront of the industry in terms of security for your conferencing services. We use Equinix Sydney IBX Data Centres which

More information

OFFICE OF THE STATE AUDITOR General Controls Review Questionnaire

OFFICE OF THE STATE AUDITOR General Controls Review Questionnaire OFFICE OF THE STATE AUDITOR Agency: * University Please answer all of the following questions. Where we ask for copies of policies and procedures and other documentation, we would prefer this in electronic

More information

Security Whitepaper: ivvy Products

Security Whitepaper: ivvy Products Security Whitepaper: ivvy Products Security Whitepaper ivvy Products Table of Contents Introduction Overview Security Policies Internal Protocol and Employee Education Physical and Environmental Security

More information

UBC Technical Guidelines Section 17900 2015 Edition Secure Access: General Standards Page 1 of 7

UBC Technical Guidelines Section 17900 2015 Edition Secure Access: General Standards Page 1 of 7 Page 1 of 7 1.0 GENERAL 1.1 Related UBC Guidelines.1 Section 17910, 17920 and 17930.2 Section 17100 Cable Infrastructure Overview, sub sections 1.4.9 and 1.5.3 Section 17110 Communication Rooms, sub section

More information

Georgia Tech Aerospace Server French building Server Room. Server Room Policy Handbook: Scope, Processes and Procedure

Georgia Tech Aerospace Server French building Server Room. Server Room Policy Handbook: Scope, Processes and Procedure Georgia Tech Aerospace Server French building Server Room Server Room Policy Handbook: Scope, Processes and Procedure Version History Version/Status Release Date Comments 1.1/Draft 1.2 1.3 1.4 1.5 1.6

More information

Information Security By Bhupendra Ratha, Lecturer School of Library & Information Science D.A.V.V., Indore E-mail:bhu261@gmail.com Outline of Information Security Introduction Impact of information Need

More information

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified Author(s) Responsible Committee / Officers Issue Date Review Date Intended Audience Impact Assessed CCG Committee

More information

INFORMATION TECHNOLOGY POLICY

INFORMATION TECHNOLOGY POLICY COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE INFORMATION TECHNOLOGY POLICY Name Of Policy: Physical and Environmental Security Policy Domain: Security Date Issued: 06/09/11 Date Revised: 10/11/13

More information

Wireless in the Data Centre becomes best practice!

Wireless in the Data Centre becomes best practice! Wireless in the Data Centre becomes best practice! Mobile computing has made wireless networking essential almost everywhere. Until recently the Data Centre was excluded from this advance but this is now

More information

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room

MAXIMUM DATA SECURITY with ideals TM Virtual Data Room MAXIMUM DATA SECURITY with ideals TM Virtual Data Room WWW.IDEALSCORP.COM ISO 27001 Certified Account Settings and Controls Administrators control users settings and can easily configure privileges for

More information

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE

HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE HIPAA SECURITY RISK ASSESSMENT SMALL PHYSICIAN PRACTICE How to Use this Assessment The following risk assessment provides you with a series of questions to help you prioritize the development and implementation

More information

Zone B: comprises of NOC room, reception area, Help Desk area, Call Centre, Testing/Monitoring room. This zone requires approximately 1500 sq. feet.

Zone B: comprises of NOC room, reception area, Help Desk area, Call Centre, Testing/Monitoring room. This zone requires approximately 1500 sq. feet. Annexure 1 Best practices and Guidelines to Physical Security of the State Data Centre The Data Centre should ideally be built in a central location within the building complex. An approximate area of

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 3.0 Ratified By Date Ratified April 2013 Author(s) Responsible Committee / Officers Issue Date January 2014 Review Date Intended Audience Impact

More information

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs) Version 3.2 Ratified By Date Ratified November 2014 Author(s) Responsible Committee / Officers Issue Date November 2014 Review Date

More information

Security Service de Services sécurité. Security Alarm Monitoring Protocol

Security Service de Services sécurité. Security Alarm Monitoring Protocol Security Service de Services sécurité TABLE OF CONTENTS 1.0 PURPOSE. Page 1 2.0 SCOPE.. Page 1 3.0 DEFINITIONS Page 1 4.0 PROTOCOL 4.1 General.. Page 4 4.2 of Buildings Perimeter Page 5 4.3 of Buildings

More information

Technical Standards for Information Security Measures for the Central Government Computer Systems

Technical Standards for Information Security Measures for the Central Government Computer Systems Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...

More information

GMS GRAPHICAL MANAGEMENT SYSTEM

GMS GRAPHICAL MANAGEMENT SYSTEM GMS GRAPHICAL MANAGEMENT SYSTEM 1 GMS The integrated security management system for multi-site organizations. Pacom s Graphical Management System (GMS) is the modular client-server application that integrates

More information

Security and Data Center Overview

Security and Data Center Overview Security and Data Center Overview September, 2012 For more information, please contact: Matt McKinney mattm@canadianwebhosting.com 888-821-7888 x 7201 Canadian Web Hosting (www.canadianwebhosting.com)

More information

HIPAA and Network Security Curriculum

HIPAA and Network Security Curriculum HIPAA and Network Security Curriculum This curriculum consists of an overview/syllabus and 11 lesson plans Week 5 Developed by NORTH SEATTLE COMMUNITY COLLEGE for the IT for Healthcare Short Certificate

More information

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST

IT Checklist. for Small Business INFORMATION TECHNOLOGY & MANAGEMENT INTRODUCTION CHECKLIST INFORMATION TECHNOLOGY & MANAGEMENT IT Checklist INTRODUCTION A small business is unlikely to have a dedicated IT Department or Help Desk. But all the tasks that a large organization requires of its IT

More information

PDSA Special Report. Is your Company s Security at Risk

PDSA Special Report. Is your Company s Security at Risk PDSA Special Report Introduction There is probably no such thing as a completely secure company. However, if you are not thinking about security in your company, you are running a big risk. We are not

More information

Version 1.0. Ratified By

Version 1.0. Ratified By ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY Version 1.0 Ratified By Date Ratified 5 th March 2013 Author(s) Responsible Committee / Officers Issue Date 5 th March 2013 Review Date Intended Audience

More information

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,

More information

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1 JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us

More information

Corporate ICT Availability

Corporate ICT Availability Policy Corporate ICT Availability Please note this policy is mandatory and staff are required to adhere to the content Summary DECD ICT facilities and information must be available during agreed operational

More information

Facility XXXX Site Security Survey Date: 10/9-10/10/02. (A) Perimeter Security Feature Yes No Comments

Facility XXXX Site Security Survey Date: 10/9-10/10/02. (A) Perimeter Security Feature Yes No Comments Facility XXXX Site Security Survey Date: 10/9-10/10/02 (A) Perimeter Security DELAY/DETER Site Boundary None of the critical facilities have protective Fence (Height and Construction) fences. Outriggers

More information

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard

CITY UNIVERSITY OF HONG KONG Physical Access Security Standard CITY UNIVERSITY OF HONG KONG (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document Control Document Owner Classification Publication

More information

Database Security Guideline. Version 2.0 February 1, 2009 Database Security Consortium Security Guideline WG

Database Security Guideline. Version 2.0 February 1, 2009 Database Security Consortium Security Guideline WG Database Security Guideline Version 2.0 February 1, 2009 Database Security Consortium Security Guideline WG Table of Contents Chapter 1 Introduction... 4 1.1 Objective... 4 1.2 Prerequisites of this Guideline...

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

DC-8706K Auto Dial Alarm System

DC-8706K Auto Dial Alarm System DC-8706K Auto Dial Alarm System User Guide Basic Contents: 1x the host unit; 1x wireless door (window) magnet; 1x wireless infrared detector; 2x remote control; 1x siren; 1x phone core; 1x AC to DC power

More information

Barrington Hills Police Department

Barrington Hills Police Department Barrington Hills Police Department Home Security Checklist Use this as a guide as you check your home for safety measures. Boxes marked indicate areas where you could take action to improve your home s

More information

INFORMATION & COMMUNICATIONS TECHNOLOGY (ICT) PHYSICAL & ENVIRONMENTAL SECURITY POLICY

INFORMATION & COMMUNICATIONS TECHNOLOGY (ICT) PHYSICAL & ENVIRONMENTAL SECURITY POLICY INFORMATION & COMMUNICATIONS TECHNOLOGY (ICT) PHYSICAL & ENVIRONMENTAL SECURITY POLICY 1. PURPOSE In respect to this policy the term physical and environmental security refers to controls taken to protect

More information

CITY OF BOULDER *** POLICIES AND PROCEDURES

CITY OF BOULDER *** POLICIES AND PROCEDURES CITY OF BOULDER *** POLICIES AND PROCEDURES CONNECTED PARTNER EFFECTIVE DATE: SECURITY POLICY LAST REVISED: 12/2006 CHRISS PUCCIO, CITY IT DIRECTOR CONNECTED PARTNER SECURITY POLICY PAGE 1 OF 9 Table of

More information

Network Security Policy

Network Security Policy IGMT/15/036 Network Security Policy Date Approved: 24/02/15 Approved by: HSB Date of review: 20/02/16 Policy Ref: TSM.POL-07-12-0100 Issue: 2 Division/Department: Nottinghamshire Health Informatics Service

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Qualification Specification. Level 4 Certificate in Cyber Security and Intrusion For Business

Qualification Specification. Level 4 Certificate in Cyber Security and Intrusion For Business Qualification Specification Level 4 Certificate in Cyber Security and Intrusion For Business ProQual 2015 Contents Page Introduction 3 Qualification profile 3 Centre requirements 4 Support for candidates

More information

UK Inflammatory Bowel Disease Audit Biologics Audit system and hosted server Security Details

UK Inflammatory Bowel Disease Audit Biologics Audit system and hosted server Security Details UK Inflammatory Bowel Disease Audit Biologics Audit system and hosted server Details www.ibdbiologicsaudit.org Table of contents For further information contact: biologics.audit@rcplondon.ac.uk Overview...2

More information

Security Alarm Monitoring Protocol

Security Alarm Monitoring Protocol Security Protocol TABLE OF CONTENTS 1.0 PURPOSE. Page 1 2.0 SCOPE.. Page 1 3.0 DEFINITIONS... Page 1 4.0 PROTOCOL 4.1 General.. Page 4 4.2 of Buildings Perimeter Page 5 4.3 of Buildings Interior Room or

More information

IT - General Controls Questionnaire

IT - General Controls Questionnaire IT - General Controls Questionnaire Internal Control Questionnaire Question Yes No N/A Remarks G1. ACCESS CONTROLS Access controls are comprised of those policies and procedures that are designed to allow

More information